@nu-art/permissions-backend 0.401.7 → 0.401.9
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
|
|
2
|
-
import { DB_PermissionUser, DBProto_PermissionUser, Request_AssignPermissions
|
|
2
|
+
import { DB_PermissionUser, DBProto_PermissionUser, Request_AssignPermissions } from '@nu-art/permissions-shared';
|
|
3
3
|
import { PerformProjectSetup } from '@nu-art/thunderstorm-backend/modules/action-processor/Action_SetupProject';
|
|
4
4
|
import { DB_BaseObject, UniqueId } from '@nu-art/ts-common';
|
|
5
|
-
import { OnNewUserRegistered, OnUserLogin } from '@nu-art/user-account-backend';
|
|
5
|
+
import { OnAccountDeleted, OnNewUserRegistered, OnUserLogin } from '@nu-art/user-account-backend';
|
|
6
6
|
import { Transaction } from 'firebase-admin/firestore';
|
|
7
|
-
import { UI_Account } from '@nu-art/user-account-shared';
|
|
7
|
+
import { SafeDB_Account, UI_Account } from '@nu-art/user-account-shared';
|
|
8
8
|
import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
|
|
9
|
-
type Config = DBApiConfigV3<DBProto_PermissionUser> & {
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
type Config = DBApiConfigV3<DBProto_PermissionUser> & {
|
|
10
|
+
defaultPermissionGroupIds?: UniqueId[];
|
|
11
|
+
};
|
|
12
|
+
export declare class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB<DBProto_PermissionUser, Config> implements OnNewUserRegistered, OnUserLogin, PerformProjectSetup, OnAccountDeleted {
|
|
12
13
|
constructor();
|
|
13
14
|
__performProjectSetup(): {
|
|
14
15
|
priority: number;
|
|
@@ -16,12 +17,12 @@ export declare class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB<DBP
|
|
|
16
17
|
};
|
|
17
18
|
__onUserLogin(account: UI_Account, transaction: Transaction): Promise<void>;
|
|
18
19
|
__onNewUserRegistered(account: UI_Account, transaction: Transaction): Promise<void>;
|
|
20
|
+
__onAccountDeleted: (account: SafeDB_Account, transaction: Transaction) => Promise<void>;
|
|
19
21
|
protected preWriteProcessing(instance: DB_PermissionUser, originalDbInstance: DBProto_PermissionUser['dbType'], t?: Transaction): Promise<void>;
|
|
20
22
|
protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionUser>, actionType: CollectionActionType): Promise<void>;
|
|
21
23
|
insertIfNotExist: (uiAccount: UI_Account & DB_BaseObject, transaction: Transaction) => Promise<DB_PermissionUser | (Omit<DB_PermissionUser, "_id" | "__metadata1" | "__hardDelete" | "__created" | "__updated" | "_v" | "_originDocId" | ("_auditorId" | "__groupIds")> & Partial<import("@nu-art/ts-common").SubsetObjectByKeys<DB_PermissionUser, "_id" | "__metadata1" | "__hardDelete" | "__created" | "__updated" | "_v" | "_originDocId" | ("_auditorId" | "__groupIds")>> & Partial<import("@nu-art/ts-common").DB_Object>)>;
|
|
22
24
|
assignPermissions(body: Request_AssignPermissions): Promise<void>;
|
|
23
|
-
|
|
24
|
-
clearDefaultPermissionGroups: () => void;
|
|
25
|
+
private getDefaultPermissionGroups;
|
|
25
26
|
/**
|
|
26
27
|
* The system requires to perform action, which in other cases can also be done by a human.
|
|
27
28
|
* This requires system features to identify as a bot user, or "Service Account"
|
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
import { MemKey_ServerApi, ModuleBE_BaseDB, Storm, } from '@nu-art/thunderstorm-backend';
|
|
2
2
|
import { DBDef_PermissionUser } from '@nu-art/permissions-shared';
|
|
3
|
-
import { _keys, ApiException, asOptionalArray, batchActionParallel, dbObjectToId, exists, filterDuplicates, filterInstances, filterKeys, flatArray, JwtTools, merge, Year } from '@nu-art/ts-common';
|
|
3
|
+
import { _keys, ApiException, asOptionalArray, batchAction, batchActionParallel, dbObjectToId, exists, filterDuplicates, filterInstances, filterKeys, flatArray, JwtTools, merge, Year } from '@nu-art/ts-common';
|
|
4
4
|
import { ModuleBE_PermissionGroupDB } from '../permission-group/ModuleBE_PermissionGroupDB.js';
|
|
5
5
|
import { MemKey_AccountId, ModuleBE_AccountDB, ModuleBE_SessionDB } from '@nu-art/user-account-backend';
|
|
6
6
|
import { MemKey_UserPermissions } from '../../consts.js';
|
|
7
7
|
import { dispatcher_collectServiceAccounts } from '@nu-art/thunderstorm-backend/modules/_tdb/service-accounts';
|
|
8
8
|
export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
|
|
9
|
-
defaultPermissionGroups;
|
|
10
9
|
constructor() {
|
|
11
10
|
super(DBDef_PermissionUser);
|
|
12
11
|
}
|
|
13
12
|
__performProjectSetup() {
|
|
14
13
|
return {
|
|
15
|
-
priority:
|
|
14
|
+
priority: 200,
|
|
16
15
|
processor: async () => {
|
|
17
16
|
const accounts = await ModuleBE_AccountDB.query.where({});
|
|
18
17
|
const permissionsUser = await this.query.all(accounts.map(dbObjectToId));
|
|
@@ -43,6 +42,9 @@ export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
|
|
|
43
42
|
async __onNewUserRegistered(account, transaction) {
|
|
44
43
|
await this.insertIfNotExist(account, transaction);
|
|
45
44
|
}
|
|
45
|
+
__onAccountDeleted = async (account, transaction) => {
|
|
46
|
+
await this.delete.unique(account._id, transaction);
|
|
47
|
+
};
|
|
46
48
|
// protected async canDeleteDocument(transaction: FirestoreTransaction, dbInstances: DB_PermissionUser[]) {
|
|
47
49
|
// const conflicts: DB_PermissionUser[] = [];
|
|
48
50
|
// const accounts = await ModuleBE_AccountDB.query.custom(_EmptyQuery);
|
|
@@ -82,14 +84,10 @@ export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
|
|
|
82
84
|
}
|
|
83
85
|
insertIfNotExist = async (uiAccount, transaction) => {
|
|
84
86
|
const create = async (transaction) => {
|
|
85
|
-
const defaultPermissionGroups =
|
|
86
|
-
const permissionGroups = ModuleBE_PermissionUserDB.defaultPermissionGroups
|
|
87
|
-
? filterInstances(await ModuleBE_PermissionGroupDB.query.all(defaultPermissionGroups.map(item => item.groupId)))
|
|
88
|
-
: [];
|
|
89
|
-
this.logInfo(`Received ${defaultPermissionGroups.length} groups to assign, ${permissionGroups.length} of which exist`);
|
|
87
|
+
const defaultPermissionGroups = await this.getDefaultPermissionGroups();
|
|
90
88
|
const permissionsUserToCreate = {
|
|
91
89
|
_id: uiAccount._id,
|
|
92
|
-
groups:
|
|
90
|
+
groups: defaultPermissionGroups.map(group => ({ groupId: group._id })),
|
|
93
91
|
_auditorId: MemKey_AccountId.get()
|
|
94
92
|
};
|
|
95
93
|
return ModuleBE_PermissionUserDB.create.item(permissionsUserToCreate, transaction);
|
|
@@ -137,11 +135,10 @@ export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
|
|
|
137
135
|
});
|
|
138
136
|
await this.set.multi(usersToUpdate);
|
|
139
137
|
}
|
|
140
|
-
|
|
141
|
-
this.
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
delete this.defaultPermissionGroups;
|
|
138
|
+
getDefaultPermissionGroups = async () => {
|
|
139
|
+
if (!this.config.defaultPermissionGroupIds?.length)
|
|
140
|
+
return [];
|
|
141
|
+
return ModuleBE_PermissionGroupDB.query.where({ _id: { $in: this.config.defaultPermissionGroupIds } });
|
|
145
142
|
};
|
|
146
143
|
/**
|
|
147
144
|
* The system requires to perform action, which in other cases can also be done by a human.
|
|
@@ -220,7 +217,12 @@ export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
|
|
|
220
217
|
return isExpired ? undefined : session;
|
|
221
218
|
})));
|
|
222
219
|
//TODO END
|
|
223
|
-
|
|
220
|
+
this.logWarning(`#### Rotating ${validSessions.length} Sessions! ####`);
|
|
221
|
+
await batchAction(validSessions, 500, async (sessions) => {
|
|
222
|
+
await this.runTransaction(async (t) => {
|
|
223
|
+
await Promise.all(sessions.map(session => ModuleBE_SessionDB._session.rotate.reissue.bySession(session, t)));
|
|
224
|
+
});
|
|
225
|
+
});
|
|
224
226
|
}
|
|
225
227
|
}
|
|
226
228
|
export const ModuleBE_PermissionUserDB = new ModuleBE_PermissionUserDB_Class();
|
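Review bot: The session-rotation loop added at the end of this section runs each batch of 500 `validSessions` inside one `runTransaction`, so the hard-coded batch size is coupled to how many documents `ModuleBE_SessionDB._session.rotate.reissue.bySession` writes per session; if a reissue writes more than one document (say the retired session plus the new one — bySession is not shown here), a full batch exceeds Firestore's per-transaction write limit and the whole batch aborts, leaving rotation partially applied with no record of which sessions were skipped. Derive the batch size from that write count rather than hard-coding it, e.g. `const writesPerReissue = 2; // TODO confirm against rotate.reissue.bySession` and `await batchAction(validSessions, Math.floor(500 / writesPerReissue), async (sessions) => {`, and log per-batch failures with the batch index so a rejected transaction does not silently unwind the rest of the processor. The enclosing function starts outside the hunk. Separately, in the new `getDefaultPermissionGroups` the `$in` query silently drops any configured `defaultPermissionGroupIds` that do not resolve to a group, and the removed logInfo that compared configured against found counts is not replaced, so new users would quietly receive fewer groups than the config intends; worth re-adding a `this.logWarning(...)` when `groups.length !== this.config.defaultPermissionGroupIds.length`.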
|
@@ -137,7 +137,7 @@ class ModuleBE_Permissions_Class extends Module {
|
|
|
137
137
|
};
|
|
138
138
|
__performProjectSetup() {
|
|
139
139
|
return {
|
|
140
|
-
priority:
|
|
140
|
+
priority: 100,
|
|
141
141
|
processor: async () => {
|
|
142
142
|
const projects = dispatcher_collectPermissionsProjects.dispatchModule();
|
|
143
143
|
projects.reduce((issues, project) => {
|
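--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@nu-art/permissions-backend",
-"version": "0.401.
+"version": "0.401.9",
 "description": "Permissions Backend",
 "keywords": [
 "TacB0sS",
@@ -35,15 +35,15 @@
 "test": "ts-mocha -w -p src/test/tsconfig.json --timeout 0 --inspect=8107 --watch-files '**/*.ts' src/test/__all-tests.ts"
 },
 "dependencies": {
-"@nu-art/permissions-shared": "0.401.
-"@nu-art/firebase-backend": "0.401.
-"@nu-art/firebase-shared": "0.401.
-"@nu-art/google-services-backend": "0.401.
-"@nu-art/thunderstorm-backend": "0.401.
-"@nu-art/thunderstorm-shared": "0.401.
-"@nu-art/ts-common": "0.401.
-"@nu-art/user-account-backend": "0.401.
-"@nu-art/user-account-shared": "0.401.
+"@nu-art/permissions-shared": "0.401.9",
+"@nu-art/firebase-backend": "0.401.9",
+"@nu-art/firebase-shared": "0.401.9",
+"@nu-art/google-services-backend": "0.401.9",
+"@nu-art/thunderstorm-backend": "0.401.9",
+"@nu-art/thunderstorm-shared": "0.401.9",
+"@nu-art/ts-common": "0.401.9",
+"@nu-art/user-account-backend": "0.401.9",
+"@nu-art/user-account-shared": "0.401.9",
 "express": "^4.18.2",
 "firebase": "^11.9.0",
 "firebase-admin": "13.4.0",
@@ -63,7 +63,6 @@
 "@types/chai": "^4.3.4",
 "@types/mocha": "^10.0.1",
 "@types/history": "^4.7.2",
-"@types/request": "^2.48.1",
 "@types/saml2-js": "^1.6.8"
 },
 "unitConfig": {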
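--- a/package/permissions.d.ts
+++ b/package/permissions.d.ts
@@ -1,6 +1,7 @@
 import { DefaultDef_Group } from '@nu-art/permissions-shared';
 import { PermissionKey_BE } from './PermissionKey_BE.js';
 import { DefaultDef_Domain, DefaultDef_Package } from './types.js';
+export declare const PermissionKeyBE_AccountManagement: PermissionKey_BE<"permission-key--account-management-admin">;
 export declare const PermissionKeyBE_DeveloperViewer: PermissionKey_BE<"permission-key--developer-viewer">;
 export declare const PermissionKeyBE_DeveloperEditor: PermissionKey_BE<"permission-key--developer-editor">;
 export declare const PermissionKeyBE_DeveloperAdmin: PermissionKey_BE<"permission-key--developer-admin">;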
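--- a/package/permissions.js
+++ b/package/permissions.js
@@ -3,7 +3,7 @@ import { defaultValueResolverV2, PermissionKey_BE } from './PermissionKey_BE.js'
 import { ApiDef_ActionProcessing } from '@nu-art/thunderstorm-shared/action-processor/index';
 import { ApiDef_CollectionActions } from '@nu-art/thunderstorm-shared/collection-actions/api-def';
 import { ApiDef_Account, DBDef_Accounts } from '@nu-art/user-account-shared';
-import { PermissionKey_DeveloperAdmin, PermissionKey_DeveloperViewer, PermissionKey_DeveloperWriter } from '@nu-art/permissions-shared/permission-keys';
+import { PermissionKey_AccountManagementAdmin, PermissionKey_DeveloperAdmin, PermissionKey_DeveloperViewer, PermissionKey_DeveloperWriter } from '@nu-art/permissions-shared/permission-keys';
 import { ApiDef_SyncEnv } from '@nu-art/thunderstorm-shared';
 // export const PermissionsAccessLevel_ReadSelf = Object.freeze({name: 'Read-Self', value: 50});
 const Domain_PermissionsDefine_ID = '48d5ace0cbb2a14c8a0ca3773a4a2962';
@@ -25,14 +25,19 @@ const _Domain_PermissionsAssign = {
 namespace: 'Permissions Assign',
 dbNames: [DBDef_PermissionGroup.dbKey, DBDef_PermissionUser.dbKey],
 };
+export const PermissionKeyBE_AccountManagement = new PermissionKey_BE(PermissionKey_AccountManagementAdmin, () => defaultValueResolverV2(_Domain_AccountManagement._id, DefaultAccessLevel_Admin.name));
 const _Domain_AccountManagement = {
 _id: Domain_AccountManagement_ID,
 namespace: 'Account Management',
 dbNames: [DBDef_Accounts.dbKey],
+permissionKeys: [
+PermissionKeyBE_AccountManagement,
+],
 customApis: [
 { path: ApiDef_Account._v1.createAccount.path, accessLevel: DefaultAccessLevel_Admin.name },
 { path: ApiDef_Account._v1.createToken.path, accessLevel: DefaultAccessLevel_Admin.name },
 { path: ApiDef_Account._v1.getSessions.path, accessLevel: DefaultAccessLevel_Admin.name },
+{ path: ApiDef_Account._v1.deleteAccount.path, accessLevel: DefaultAccessLevel_Admin.name },
 ]
 };
 export const PermissionKeyBE_DeveloperViewer = new PermissionKey_BE(PermissionKey_DeveloperViewer, () => defaultValueResolverV2(Domain_Developer._id, DefaultAccessLevel_Read.name));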
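Review bot: The new `PermissionKeyBE_AccountManagement` is declared one line before `const _Domain_AccountManagement`, and its resolver closure reads `_Domain_AccountManagement._id`; that is only safe if `PermissionKey_BE` defers calling the resolver until after module evaluation, since an eager call during construction would hit the temporal dead zone and throw a ReferenceError (PermissionKey_BE is not shown here, so this is inferred). The circular placement is unnecessary because the domain id is already a plain constant in scope, used on the next lines as `_id: Domain_AccountManagement_ID`; use it directly, `() => defaultValueResolverV2(Domain_AccountManagement_ID, DefaultAccessLevel_Admin.name)`, which yields the same value without depending on declaration order. The sibling keys such as `PermissionKeyBE_DeveloperViewer` at the bottom of the hunk read `Domain_Developer._id`, so whichever form is kept, a one-line comment on the export stating that the resolver must stay lazy would save the next maintainer from reordering these declarations.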